CIA Triad

What is the CIA Triad?

The CIA Triad is a foundational security model built around confidentiality, integrity, and availability, which are the three core goals used to protect information and systems.

Examples

  • A hospital limits access to patient records so only authorized staff can view them, protecting confidentiality.
  • A finance system uses hashing and approval controls to ensure transaction data is not altered improperly, protecting integrity.

Discover 🔎

Many cybersecurity topics focus on specific attacks, tools, or technologies, but the CIA Triad is different. It is not a product and it is not a single defense. It is a way of thinking about what security is supposed to achieve. When organizations protect information, they are usually trying to protect one or more of three things: who can see it, whether it stays accurate, and whether it remains accessible when needed.

That is why the CIA Triad matters so much. It gives security teams a simple but powerful framework for understanding risk. Instead of asking only, “Is this system secure?” a better question becomes, “How could confidentiality, integrity, or availability be harmed here?” That shift makes security planning much clearer and more practical.

Summary

The CIA Triad is a core security model built around confidentiality, integrity, and availability. It helps organizations understand what security is meant to protect and gives teams a practical way to think about risk, controls, and priorities. Even though it is simple, it remains one of the most important foundations in cybersecurity.
